46 matches found
AZL-77828 CVE-2025-47278 affecting package python-flask 1.1.1-4
Flask is a web server gateway interface WSGI web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can...
CVE-2025-47278 Flask uses fallback key instead of current signing key
Flask is a web server gateway interface WSGI web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can...
Flask-CORS 安全漏洞
Flask-CORS is a cross-origin resource sharing component for Flask by the individual developer Cory Dolphin. A security vulnerability exists in Flask-CORS version 4.0.1 that stems from allowing Access-Control-Allow-Private-Network to set the CORS header to true by default without any configuration...
OESA-2023-1936 python-flask security update
Flask is a lightweight WSGI web application framework. It is designed to make getting started quick and easy, with the ability to scale up to complex applications. It began as a simple wrapper around Werkzeug and Jinja and has become one of the most popular Python web application frameworks...
OESA-2023-1922 python-flask security update
Flask is a lightweight WSGI web application framework. It is designed to make getting started quick and easy, with the ability to scale up to complex applications. It began as a simple wrapper around Werkzeug and Jinja and has become one of the most popular Python web application frameworks...
ROS-20230616-05
A vulnerability in the Flask framework is related to the ability to send one client's session cookie to other users. users. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to protected information...
SUSE CVE-2023-30861
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...
The vulnerability of the Flask framework lies in its ability to send a single client’s cookie session file to other users, allowing an attacker to access protected information.
The vulnerability of the Flask framework lies in the ability to send a session cookie file from one client to other users. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to protected information...
Improper Error Handling at Rating function
Description Please enter a description of the vulnerability. Navigating rating function http://127.0.0.1:8083/ratings/stored/-1 Change this number to arbitrary characters http://192.168.14.180:8083/ratings/stored/-2 Error occurs allows user to know the path of application file within system...
CVE-2022-31568
The Rexians/rex-web repository through 2022-06-05 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31554
The rohitnayak/movie-review-sentiment-analysis repository through 2017-05-07 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31532
The dankolbman/travelblahg repository through 2016-01-16 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
BaiduWenkuSpider_flaskWeb 路径遍历漏洞
BaiduWenkuSpiderflaskWeb is a python web project based on the FlaskFrame framework for crawling Baidu's library by ChangeWeDer personal developer. path traversal vulnerability exists in versions of BaiduWenkuSpiderflaskWeb prior to 2021-11-29, which The vulnerability stems from a failure of the...
photo_tag 路径遍历漏洞
phototag is a photo tagging tool by the individual developer of Boring YiBa. A security vulnerability exists in phototag version 2020-08-31 and earlier versions, which stems from an incorrect call to Flask's sendfile function that results in absolute path traversal...
wormnest 路径遍历漏洞
wormnest is a Python3 Flask/SQL-Alchemy web server for URL narrowing and manipulating file services by individual developer John Torakis in Greece. A path traversal vulnerability exists in wormnest version 0.4.7, which stems from insecure use of the Flask sendfile function...
vulhub
It is an offensive tool for web application security training. The primary target is the web application, specifically the Flask framework. The vulnerability class/vector is Server-Side Template Injection SSTI. The probable entry points are scripts/modules such as flask/ssti/exploit.py. Notable...
Sitadel
This is a web application security scanner called Sitadel, which is an update for WAScan making it compatible with Python 3.4 and above. It allows for more flexibility in writing new modules and implementing new features, such as frontend framework detection, content delivery network detection, a...
[SECURITY] Fedora 31 Update: python-flask-admin-1.5.6-1.fc31
Flask-Admin is advanced, extensible and simple to use administrative interf ace building extension for Flask framework. It comes with batteries included: model scaffolding for SQLAlchemy, MongoEngine, MongoDB and Peewee ORMs, simple file management interface and a lot of usage samples. You're not...
[SECURITY] Fedora 32 Update: python-flask-admin-1.5.6-1.fc32
Flask-Admin is advanced, extensible and simple to use administrative interf ace building extension for Flask framework. It comes with batteries included: model scaffolding for SQLAlchemy, MongoEngine, MongoDB and Peewee ORMs, simple file management interface and a lot of usage samples. You're not...
Fedora: Security Advisory for python-flask-admin (FEDORA-2020-e8f384af5f)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...